From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Zhiguang Liu <zhiguang.liu@intel.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Jiewen Yao <jiewen.yao@intel.com>
Subject: [PATCH V3 0/3] Add TdxLib support for Intel TDX
Date: Tue, 9 Mar 2021 14:12:54 +0800 [thread overview]
Message-ID: <cover.1615269637.git.min.m.xu@intel.com> (raw)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3249
The patch series provides lib support for Intel Trust Domain Extensions
(Intel TDX).
Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
Encryption (MKTME) with a new kind of virutal machines guest called a
Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
confidentiality of TD memory contents and the TD's CPU state from other
software, including the hosting Virtual-Machine Monitor (VMM), unless
explicitly shared by the TD itself.
The Intel TDX module uses the instruction-set architecture for Intel TDX
and the MKTME engine in the SOC to help serve as an intermediary between
the host VMM and the guest TD. TDCALL is the instruction which allows TD
guest privileged software to make a call for service into an underlying
TDX-module.
TdxLib is created with functions to perform the related Tdx operation.
This includes functions for:
- TdCall : to cause a VM exit to the Intel TDX module
- TdVmCall : it is a leaf function 0 for TDCALL
- TdVmCallCpuid : enable the TD guest to request VMM to emulate CPUID
- TdReport : to retrieve TDREPORT_STRUCT
- TdAcceptPages : to accept pending private pages
- TdExtendRtmr : to extend one of the RTMR registers
The base function in MdePkg will not do anything and will return an error
if a return value is required. It is expected that other packages
(like OvmfPkg) will create a version of the library to fully support a TD
guest.
We create an OVMF version of this library to begin the process of providing
full support of TDX in OVMF.
To support the emulation and test purpose, 2 PCDs are added in OvmfPkg.dec
- PcdUseTdxAcceptPage
Indicate whether TdCall(AcceptPage) is used.
- PcdUseTdxEmulation
Indicate whether TdxEmulation is used.
<https://software.intel.com/content/www/us/en/develop/articles/
intel-trust-domain-extensions.html>, defitions in TdxLib comes from:
[1] Intel TDX(R) Module 1.0 EAS
[2] Intel(R) TDX Guest-Hypervisor Communication Interface
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Min Xu (3):
MdePkg: Add Tdx support lib
OvmfPkg: Add PCDs for TdxLib
OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF
MdePkg/Include/IndustryStandard/Tdx.h | 201 +++++++++++++++++++++
MdePkg/Include/Library/TdxLib.h | 165 ++++++++++++++++++
MdePkg/Include/Protocol/Tdx.h | 29 ++++
MdePkg/Library/TdxLib/TdxLibNull.c | 155 +++++++++++++++++
MdePkg/Library/TdxLib/TdxLibNull.inf | 33 ++++
OvmfPkg/Library/TdxLib/AcceptPages.c | 68 ++++++++
OvmfPkg/Library/TdxLib/Rtmr.c | 80 +++++++++
OvmfPkg/Library/TdxLib/TdReport.c | 102 +++++++++++
OvmfPkg/Library/TdxLib/TdxLib.inf | 48 ++++++
OvmfPkg/Library/TdxLib/TdxLibSec.inf | 45 +++++
OvmfPkg/Library/TdxLib/X64/Tdcall.nasm | 125 ++++++++++++++
OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm | 211 +++++++++++++++++++++++
OvmfPkg/OvmfPkg.dec | 6 +
13 files changed, 1268 insertions(+)
create mode 100644 MdePkg/Include/IndustryStandard/Tdx.h
create mode 100644 MdePkg/Include/Library/TdxLib.h
create mode 100644 MdePkg/Include/Protocol/Tdx.h
create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.c
create mode 100644 MdePkg/Library/TdxLib/TdxLibNull.inf
create mode 100644 OvmfPkg/Library/TdxLib/AcceptPages.c
create mode 100644 OvmfPkg/Library/TdxLib/Rtmr.c
create mode 100644 OvmfPkg/Library/TdxLib/TdReport.c
create mode 100644 OvmfPkg/Library/TdxLib/TdxLib.inf
create mode 100644 OvmfPkg/Library/TdxLib/TdxLibSec.inf
create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdcall.nasm
create mode 100644 OvmfPkg/Library/TdxLib/X64/Tdvmcall.nasm
--
2.29.2.windows.2
next reply other threads:[~2021-03-09 6:13 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-09 6:12 Min Xu [this message]
2021-03-09 6:12 ` [PATCH V3 1/3] MdePkg: Add Tdx support lib Min Xu
2021-03-09 6:25 ` Yao, Jiewen
2021-03-09 8:23 ` Min Xu
2021-03-09 6:12 ` [PATCH V3 2/3] OvmfPkg: Add PCDs for TdxLib Min Xu
2021-03-09 6:44 ` Yao, Jiewen
2021-03-09 8:27 ` Min Xu
2021-03-09 6:12 ` [PATCH V3 3/3] OvmfPkg: Implement library support for TdxLib SEC and DXE on OVMF Min Xu
2021-03-09 6:46 ` Yao, Jiewen
2021-03-09 12:57 ` [PATCH V3 0/3] Add TdxLib support for Intel TDX Laszlo Ersek
2021-03-09 13:06 ` Laszlo Ersek
2021-03-09 14:38 ` [edk2-devel] " Laszlo Ersek
2021-03-10 0:25 ` Yao, Jiewen
2021-03-10 1:07 ` Brijesh Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1615269637.git.min.m.xu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox